Clients do not always realize how important it is to have proper internal security policies in place. They often view security policies as a nuisance as opposed to a layer of protection. We have assembled a list of three cyber security tips that we think are most important to keep an organization safe from attackers.
- Create a Complex Password
Creating a complex password and changing it periodically hinders an attacker’s ability to infiltrate your organization. While hackers have the ability to crack passwords, it takes longer to crack a 10-character complex password than a 4-character simple one. Clients must be reminded, and at times shown, that with the right tools, passwords can be cracked within seconds.
- Enforce a Lockout Policy
On top of implementing a password complexity requirement, it is also a good idea for organizations to enforce a Lockout Policy to protect against brute force attacks, such as the one behind Apple’s iCloud hack that occurred in late 2014. A Lockout Policy will disable a user’s account if an incorrect password is entered a specified number of times over a specified period of time.
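The lockout rule described above, as an added example that is not part of the original article: it replays a constructed login log and disables an account once failed passwords reach a threshold inside a time window. The threshold of 5, the 15-minute window, the log format and the name `apply_lockout` are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values (not from the article): 5 bad passwords in 15 minutes.
THRESHOLD = 5
WINDOW = timedelta(minutes=15)

# Constructed sample log (timestamp, account, result); not real data.
SAMPLE_LOG = """\
2024-03-04T08:00:00 carol FAIL
2024-03-04T08:30:00 carol FAIL
2024-03-04T09:00:00 alice FAIL
2024-03-04T09:00:10 alice FAIL
2024-03-04T09:00:25 alice OK
2024-03-04T09:05:00 bob FAIL
2024-03-04T09:05:02 bob FAIL
2024-03-04T09:05:04 bob FAIL
2024-03-04T09:05:06 bob FAIL
2024-03-04T09:05:08 bob FAIL
2024-03-04T09:05:10 bob FAIL
2024-03-04T09:10:00 carol FAIL
2024-03-04T09:40:00 carol FAIL
2024-03-04T10:10:00 carol FAIL
2024-03-04T10:12:00 alice FAIL
"""

def apply_lockout(log_text, threshold=THRESHOLD, window=WINDOW):
    """Replay login events; return {account: time the account was disabled}."""
    failures = defaultdict(deque)  # account -> failure times still in the window
    locked = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, account, result = line.split()
        when = datetime.fromisoformat(stamp)
        if account in locked:
            continue  # a disabled account rejects every further attempt
        if result == "OK":
            failures[account].clear()  # a successful logon resets the counter
            continue
        recent = failures[account]
        recent.append(when)
        # Forget failures that are older than the observation window.
        while when - recent[0] >= window:
            recent.popleft()
        if len(recent) >= threshold:
            locked[account] = when
    return locked
```

In the sample, only bob's rapid run of failures trips the policy; alice's typos before a successful logon and carol's occasional typos spread over the morning do not.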
- Remove Local Admin Rights from Account
Another policy that clients do not always implement is removing Local Administrator rights from their account. They view this as an inconvenience as they no longer have free rein over their machine. However, they must be reminded that if their machine were to be exploited, that free rein over the machine now belongs to the attacker. If an attacker gains access to a machine and is logged in with local admin rights, the damage that can occur is significantly greater than if the attacker were logged in as a restricted user. Local admin rights give an attacker the ability to install malicious software that can spread throughout the victim’s network.
While having a firewall, Intrusion Prevention System, and password-protected equipment is a step in the right direction, it is not nearly enough. Focusing solely on the perimeter leads to a neglected internal environment, which is enough for an attacker to get their “foot in the door.” Clients must be reminded that threats can emanate from outside or inside of the organization. They must also remember that it is not only technology that keeps an organization safe, but also its people.
By: Tiffany Tucker